CONFIGURATION
Purpose
This document is part of the user's guide to the installation and configuration of BinTec gateways running software release 7.1.1 or later. For up-to-the-minute information and instructions concerning the latest software release, you should always read our Release Notes, especially when carrying out a software update to a later release level. The latest Release Notes can always be found at www.bintec.net.
Liability
While every effort has been made to ensure the accuracy of all information in this manual, BinTec Access Networks GmbH cannot assume liability to any party for any loss or damage caused by errors or
omissions or by statements of any kind in this document and is only liable within the scope of its terms
of sale and delivery.
The information in this manual is subject to change without notice. Additional information, changes and
Release Notes for BinTec routers can be found at www.bintec.net.
As multiprotocol routers, BinTec routers set up WAN connections in accordance with the system configuration. To prevent unintentional charges accumulating, the operation of the product should be carefully monitored. BinTec Access Networks GmbH accepts no liability for loss of data, unintentional
connection costs and damages resulting from unsupervised operation of the product.
Trademarks
BinTec and the BinTec logo are registered trademarks of BinTec Access Networks GmbH.
Other product names and trademarks mentioned are usually the property of the respective companies
and manufacturers.
Copyright
All rights are reserved. No part of this publication may be reproduced or transmitted in any form or by
any means graphic, electronic, or mechanical including photocopying, recording in any medium,
taping, or storage in information retrieval systems, without the prior written permission of BinTec Access Networks GmbH. Adaptation and especially translation of the document is inadmissible without
the prior consent of BinTec Access Networks GmbH.
BinTec routers comply with the following guidelines and standards:
R&TTE Directive 1999/5/EC
CE marking for all EU countries and Switzerland
You will find detailed information in the Declarations of Conformity at www.bintec.net.
BinTec France
6/8 Avenue de la Grande Lande
F-33174 Gradignan
France
Telephone: +33 5 57 35 63 00
Fax: +33 5 56 89 14 05
Internet: www.bintec.fr
Contents
1.2
Access Options
2.1
2.2
2.3
Login
3.1
3.2
Configuration Options
4.1 HTML Wizard
4.1.1 ASCII Version
4.2 Setup Tool
4.2.1 Menu Navigation
4.2.2 Menu Commands
4.2.3 Search Lists
4.2.4 Change Password
4.2.5 Menu Architecture
4.2.6
4.3 SNMP Shell
4.4 SNMP Manager
Contents
This chapter explains the structure of this manual and the content of the individual chapters and the use of symbols and typographical elements.
1.1
Contents
Contents
Instructions on installing and taking your gateway into operation, and how to create in a few
minutes a basic configuration using the HTML
Wizard.
"Technical Data"
"Glossary"
Table 1-1:
List of Chapters
1.2
To help you locate and interpret information easily, this manual uses the following visual aids:
Symbol
Meaning
Indicates text where troubleshooting notes are
given.
Attention!
Warning!
Table 1-2:
List of symbols
The following typographical elements are used to help you find and interpret the
information in this manual:
Typographical element
Meaning
Lists up to level 2.
MENU SUBMENU
File Open
Typographical element
Meaning
non-proportional
(Courier), e.g.
ping 192.168.1.254
bold, e.g.
MIB
bold, e.g.
Windows start menu
bold and cursive, e.g.
BIBOADMLOGINTABLE
cursive, e.g.
none
Online: blue
Indicates hyperlinks.
Table 1-3:
Typographical elements
Access Options
This chapter describes the different access options. Select the option that suits you best.
For the configuration of your gateway you have the following access options:
2.1
Each BinTec gateway is equipped with a serial interface that you can use to set up a direct connection to a PC. The following chapter describes what to observe when setting up a serial connection and how to configure the gateway.
2.1.1
Access via the serial interface is recommended if you want to create the initial gateway configuration and if a LAN connection is not possible via the preconfigured IP address (192.168.0.254/255.255.255.0).
Windows
Please follow the instructions in the Quick Install Guide to connect your gateway to your PC via the serial interface. The printed version of the Quick Install Guide is included with the gateway. Additionally, you can find the electronic version on the Companion CD.
If you use a Windows PC for setting up the serial connection, a terminal program is required, e.g. HyperTerminal. Please check whether HyperTerminal was installed during the Windows installation. You can also use any other terminal program that can be adjusted to the respective parameters (see below).
ToDo
If you have installed BRICKware as described in the Quick Install Guide, two
links are provided. If you use these for the serial connection of your gateway,
you do not need to specify any settings.
Please take the following steps to access your gateway via serial interface:
1.
2.
Press Return (possibly several times) when the HyperTerminal screen has
opened.
The login prompt window is displayed. You are on the SNMP shell of your gateway. Now you can log in to your gateway and start the configuration.
Check
If the login prompt is not displayed even after repeatedly pressing Return, the connection to your gateway has failed.
Therefore check the settings of COM1 or COM2 on your PC:
1.
2.
Data bits: 8
Parity: None
Stopbits: 1
3.
4.
In Settings select:
5.
Emulation: VT100
Click OK.
Unix
A terminal program such as cu (for System V), tip (for BSD) or minicom (for Linux) is required. The settings for these tools are as described above.
Example for a command line to use cu: cu -s 9600 -c/dev/ttyS1
Example for a command line to use tip: tip -9600 /dev/ttyS1
2.2
Accessing your gateway via one of the Ethernet interfaces lets you configure the gateway via the HTML user interface. The HTML Wizard is the easiest configuration option.
You can access the SNMP shell not only via a web browser but also via a Telnet
connection so that you can adjust additional configuration settings as described
in the chapter Configuration Options on page 17.
ToDo
You do not need any further software on your PC to set up a Telnet connection
to your gateway: Telnet is a standard tool of all operating systems.
Take the following steps:
Windows
1.
2.
3.
Click OK.
The login prompt window is displayed. You have now accessed the SNMP shell
of your gateway.
4.
Unix
Under UNIX and Linux you can set up a Telnet connection as well:
1.
The login prompt window is displayed. You have now accessed the SNMP shell
of your gateway.
2.
2.3
All gateways with an ISDN interface can be addressed and configured by another gateway using an ISDN call.
Access via ISDN with ISDN login is especially recommended if your gateway is to be operated via remote configuration and maintenance. This is possible even if your gateway configuration is still in ex works state. The gateway is then accessed by means of a BinTec gateway that is already configured or a PC with an ISDN card in the remote LAN. The BinTec gateway in your own LAN that is to be configured is addressed by a calling number of the ISDN connection (e.g. 1234). This enables, for example, the administrator in the remote LAN to configure your gateway without being on site.
If you connect an unconfigured gateway and a telephone system (PABX)
in parallel at the ISDN connector, the telephone system cannot answer incoming calls as long as no ISDN number is configured on the gateway.
Attention!
Consider the costs of an ISDN connection! If your gateway and your PC
are connected to the same LAN, the access to your gateway via LAN or via
the serial interface is more economical.
ToDo
2.
3.
The login prompt window is displayed. You have now accessed the SNMP shell
of your gateway.
4.
Login
By means of predefined access data you can log in to your gateway and
carry out different jobs. The range of the allowed transactions is limited
according to the authorizations of the respective user.
In each access option, first the login prompt is displayed. Without authorisation
you cannot read any information on your gateway nor modify the configuration.
You do not need to log in to read the basic information which is displayed on the
HTTP status page. You can open it via LAN by entering the IP address of the
gateway (in ex works state: 192.168.0.254) into a web browser.
3.1
User name   Password   Authorisations
admin       bintec
write       public
read        public
http        bintec     Open HTTP status page of your gateway, read system variables (except passwords), no login.
Table 3-4:
It is possible to modify and save the configuration only if you log in with the user name admin. The access data (user names and passwords) can likewise only be modified if the user logs in as admin. The passwords are not displayed in plain text in the Setup Tool for safety reasons, but are visible as asterisks. The user names, however, are written in plain text.
For safety reasons, with the user name read you can read all configuration settings except the access data. Thus it is impossible to log in with read, then read the password of the user admin and afterwards log in as admin to modify the configuration.
3.2
ToDo
Enter your user name, e.g. admin, and confirm with Enter.
2.
Your gateway answers with the login prompt, e.g. VPN 100:> . Login has been successfully completed. You have now accessed the SNMP shell.
How to login via the HTML user interface:
1.
Enter your user name into the field User name of the login window.
2.
Enter your password into the field Password of the login window.
The HTTP status page of the gateway opens in the browser and displays the
available options.
Attention!
All BinTec gateways are shipped with the same user names and passwords. As long as the password remains unchanged, they are not protected against unauthorized use. How to change the passwords is described
in Change Password on page 24.
Change the passwords to prevent unauthorized access to your gateway.
If you have forgotten your password, you must reset your gateway to the
ex works state, which means your configuration will be lost.
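A check for the warning above, as an added example that is not part of the original manual: it compares an inventory of gateway access data against the shipped values from Table 3-4 and reports accounts that are unchanged, set to another shipped value, or not recorded at all. The CSV layout, the gateway names, the sample passwords and the function name audit_access_data are assumptions made for illustration.

```python
import csv
import io

# Shipped access data as listed in Table 3-4 of this manual.
SHIPPED_DEFAULTS = {
    "admin": "bintec",
    "write": "public",
    "read": "public",
    "http": "bintec",
}

# Constructed sample inventory: gateway name, user name, current password.
SAMPLE_EXPORT = """gateway,user,password
gw-branch-1,admin,S7!example-admin
gw-branch-1,write,public
gw-branch-1,read,R3ad-example
gw-branch-1,http,Http-example
gw-branch-2,admin,public
gw-branch-2,read,R3ad-other
"""


def audit_access_data(export_text):
    """Return sorted (gateway, user, finding) tuples for weak access data."""
    seen = {}  # gateway -> {user: password}
    for row in csv.DictReader(io.StringIO(export_text)):
        gateway = row["gateway"].strip()
        seen.setdefault(gateway, {})[row["user"].strip()] = row["password"]

    findings = []
    default_values = set(SHIPPED_DEFAULTS.values())
    for gateway, users in seen.items():
        for user, shipped in SHIPPED_DEFAULTS.items():
            if user not in users:
                # No record: nobody documented a password change for this account.
                findings.append((gateway, user, "not recorded"))
            elif users[user] == shipped:
                findings.append((gateway, user, "shipped password unchanged"))
            elif users[user] in default_values:
                # Changed, but only to a value shipped for a different account.
                findings.append((gateway, user, "set to another shipped password"))
    return sorted(findings)


if __name__ == "__main__":
    for gateway, user, finding in audit_access_data(SAMPLE_EXPORT):
        print(f"{gateway:12} {user:6} {finding}")
```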
To leave the SNMP shell after completing the configuration enter exit and
press Enter.
Configuration Options
This chapter contains not only an overview of the different tools you can
use for the configuration of your gateway, but also an introduction to the
application of the Setup Tool.
The following configuration options are available:
LAN
HTML Wizard, HTML Setup Tool, ASCII Wizard, ASCII Setup Tool, Configuration Manager,
Shell commands
Serial connection
ISDN Login
Table 4-5:
For each type of connection several configuration options are hence available.
Note
4.1
HTML Wizard
4.1.1
ASCII Version
If you cannot access your gateway via your LAN or cannot start the HTML
Wizard for any other reason, you can start the ASCII version of the Wizard
on the SNMP shell. Thus you can use all features of the Wizard via a serial
connection.
ToDo
You can start the ASCII version of the Wizard with all available types of connection: connection to the gateway via LAN, via serial connection or via ISDN login.
You must be logged in as admin and have access to the SNMP shell.
Take the following steps:
1.
Log in to the gateway as admin. See Login for Configuration on page 14.
2.
The ASCII version of the Wizard starts. In this version all configuration options
of the HTML version are available. The help texts can be opened by selecting
the HELP menu.
4.2
Setup Tool
As an HTML page in any current web browser with JavaScript enabled. The Quick Install Guide contains a short description of how to start the HTML Setup Tool (printed version included with the gateway or available on the Companion CD).
The two versions of the Setup Tool differ in presentation but include the same
functionalities.
ToDo
You can start the ASCII version of the Setup Tool with any connection to the
gateway: connection via LAN, via serial interface or via ISDN login.
Take the following steps to start the Setup Tool session:
1.
2.
The menu line contains a navigation help that displays the menu of the Setup Tool you are currently editing. Additionally, the system name of your
The configuration window contains the lines where you actually enter or adjust the required settings. All settings are displayed as well. The field where the cursor is currently positioned is displayed in inverse video.
The help line indicates the possible entries or navigation options in the respective menu.
(Screen areas labelled in the figure: Menu Line, Configuration Window, Help Line)
ISDN S0
AUX
WAN Partner Security PPTP
IP PPP BRRP CREDITS QoS
IPSEC
VoIP GRE
Configuration Management
Monitoring and Debugging
Exit
__________________________________________________________________________
Press <Ctrl-n>, <Ctrl-p> to scroll through menu items, <Return> to enter
You will quickly become familiar with the easy handling of the Setup Tool. Nevertheless, you should familiarize yourself with the basic options.
4.2.1
Menu Navigation
You can use the following keys or key combinations to navigate the various
menus in the Setup Tool:
Key combination
Meaning
Tabulator
Return
up or down
(arrow keys)
left or right
(arrow keys)
Esc Esc
Esc twice in succession: To return to the previous menu. Cancels any changes made.
Space
Ctrl - l
Ctrl - n
Ctrl - p
Ctrl - f
Ctrl - b
Ctrl - c
Table 4-6:
4.2.2
Menu Commands
When you navigate in the Setup Tool, you will notice that some menus include
specific command options, e.g. DELETE, SAVE, CANCEL. The respective
commands have the following meaning:
Menu command
Meaning
ADD
CANCEL
DELETE
OK
SAVE
EXIT
Table 4-7:
To save the configuration to the flash memory, you must quit the Setup Tool with
Save as boot configuration and exit.
Note
4.2.3
Search Lists
Some menus in the Setup Tool contain lists with several items, e.g. the menu
WAN PARTNER, where all WAN partners are listed:
VPN Access Setup Tool
[WAN]: WAN Partners
Protocol   State
ppp        dormant
ppp        dormant
ppp        dormant
ppp        dormant
ppp        dormant
DELETE     EXIT
The entries are listed in alphabetical order of the content of the first field. The
search for list entries is incremental. This is most helpful with very long lists.
ToDo
Enter the initial character of the entry you are looking for with the cursor located on one of the list items. Entries can be made in upper or lower case.
2.
3.
The cursor automatically moves to the first match. The characters entered for the search are displayed in the help line at the bottom of the menu.
Do not enter invisible characters, such as Tabulator or Space, as they stop the search and could trigger a function.
Make sure the cursor is positioned on a list item.
Note
In the menu WAN PARTNER described above the entries provide the following
search results:
Entry
p or P
Partner1
Provider
partner2
Table 4-8:
Search results
4.2.4
Change Password
The procedure described below for changing the password applies to all passwords for your gateway: the access passwords for the user names admin,
read and write, the HTTP server password, the PPP password, the provider
password, and the Activity Monitor password.
Any character may be used for entering a password. Passwords are only displayed as asterisks, even during password changes. The number of asterisks
is the same as the number of characters in the password.
Note
To start the Setup Tool of your gateway in a mode in which the passwords are
displayed in plain text and can be changed once by editing, you must enter the
command setup -p. This option is only available if you have logged in to your
gateway with the user name admin.
In the password field the Backspace key always deletes the complete entry,
not just one character.
Change password
Take the following steps:
1.
Select the password field in the desired menu and enter the new password.
2.
The field changes to change mode and the message Change Password
is displayed in the help line.
3.
4.
Now enter the new password again and confirm by pressing Return,
Tabulator or a Cursor key.
If you have entered the repeat password correctly, the password is
changed. The new password is saved on leaving the menu with the SAVE
button. If you leave the menu by pressing CANCEL or Esc Esc, the password change is not saved.
If the two entries did not match, the field is reset to the old password and
the help line shows the following message: "Password doesnt
match. Try again." in the display.
4.2.5
Menu Architecture
System
Physical Interfaces:
Ethernet Unit 1
Ethernet Unit 2
Ethernet Unit 3
ISDN S0
AUX
WAN Partner Security PPTP
IP PPP BRRP CREDITS QoS
IPSEC
VoIP GRE
Configuration Management
Monitoring and Debugging
Exit
Press <Ctrl-n>, <Ctrl-p> to scroll through menu items, <Return> to
enter
The menu architecture (root menu and first submenu) of the Setup Tool has the
following structure:
System
IP
Security
VoIP
Routing
Access Lists
Static Settings
Gatekeeper Settings
Keepalive Monitoring
Stateful Inspection
NAT
Monitoring
Password settings
SSH Daemon
Bandwidth Mngmnt.
PPTP [ADD]
PPP
SNMP
Virtual Interfaces
Advanced Settings
Remote Authentication
IP
DNS
ISDN S0
Incoming Call Answering
DynDNS
IPSEC
Pre IPSec Rules
AUX
Profile <1 - 4>
WAN Partner [ADD]
PPP
Advanced Settings
WAN Numbers
Configure Peers
PPP
BRRP
Task Definition
Configuration
Certificate/Key Mngmnt.
Monitoring
Advanced Settings
IP
Routing Protocols
CREDITS
Wizard
ISDN Credits
Monitoring
xDSL Credits
Bridge
Proxy Settings
GRE
Configuration Mngmnt.
Monitoring/Debugging
ISDN Monitor
ISDN Credits
xDSL Credits
X.25 Monitor
Interfaces
Messages
Email Alert
TCP/IP
IPSec
OSPF
Exit
QoS
IP Filter
IP Classif. and Sign.
Interfaces and Policies
Convention
The following convention is used in this manual:
Summary
For easier orientation during configuration the menus are briefly described as
follows:
Menu
Function
SYSTEM
In this menu you enter the basic system settings of your gateway, as e.g. system name and
passwords.
ISDN S0
AUX
WAN PARTNER
SECURITY
In this menu you configure the security functions of your gateway, e.g. Stateful
Inspection Firewall and Content Filtering.
PPTP
In this menu you configure VPN connections via PPTP for the secured data transfer via
Internet.
IPSEC
IP
PPP
BRRP
CREDITS
QOS
VOIP
GRE
CONFIGURATION
MANAGEMENT
In this menu you can administer your gateway's configuration files. You can save them e.g. either locally on your gateway or on your PC.
MONITORING AND
DEBUGGING
EXIT
Table 4-9:
4.2.6
mended: The IPsec Wizard ensures that the IPSec configuration on your gateway is correct and executable.
An incomplete configuration can result in the abort of all LAN connections. In this case you can only access the gateway via serial interface or
ISDN login.
Attention!
4.3
SNMP Shell
4.4
SNMP Manager